NSE8_810 Online Practice Questions and Answers

You have a customer with a SCADA environmental control devices that is trigged a false- positive OPS alert whenever the device's Web GUI is accessed. You cannot seem to create a functional custom IPS filter expert this behavior, and it appears that the device is so old that it does HTTPS support. You need to prevent the false posited IPS alert occurring.

In this scenario, which two actions would accomplish this task? (Choose two.)

A. Create a very granular firewall for that device's IP address which does not perform IPS scanning.

B. Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow- based.

C. Create a URL filter with the exempt action for that device's IP address.

D. Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection.

Click the Exhibit button.

A FortiGate with the default configuration is deployed between two IP phones. FortiGate receives the INVITE request shown in the exhibit form Phone A (internal)to Phone B (external). Which two actions are taken by the FortiGate after the packet is received? (Choose two.)

A. A pinhole will be opened to accept traffic sent to FortiGate's WAN IP address and ports 49169 and 49170.

B. a pinhole will be opened to accept traffic sent to FortiGate's WAN IP address and ports 49l70 and 49171.

C. The phone A IP address will be translated lo the WAN IP address in all INVITE header fields and the m: field of the SDP statement.

D. The phone A IP address will be translated for the WAN IP address in all INVITE header fields and the SDP statement remains intact.

Click the Exhibit button.

config system ha

set mode a-a

set group-id 1

set group-name main

set hb_dev port2 100

set session-pickup enable

end

You have configured an HA cluster with two FortiGates. You want to make sure that you are able to

manage the individual cluster members directly using port3.

Referring to the exhibit, what are two ways to accomplish this task? (Choose two.)

A. Disable the sync feature on porl3: then configure specific IPs for ports on both cluster members.

B. Configure port3 to be a dedicated HA management interface, then configure specific IPs for port3 on both cluster members.

C. Create a management VDOM and Disable the HA synchronization for this VDOM, assign ports to this VDOM, then configure specific IPs for ports on both cluster member.

D. Allow administrative access in the HA heartbeat interfaces.

A customer wants to enable SYN Rood mitigation in a FortiDDoS device. The FortiDDoS must reply with

one SYN/ACK packet per SYN packet ftom a new source IP address.

Which SYN packet from a new source IP address.

Which SYN flood mitigation mode must the customer use?

A. SYN cookie

B. SYN/ACK cookie

C. ACK cookie

D. SYN retransmission

Exhibit Click the Exhibit button. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?

A. The policy redirects all HTTP URLs to HTTPS.

B. The policy redirects all HTTPS URLs to HTTP.

C. The policy redirects only HTTPS URLs containing the ^/ (. *) S string to HTTP.

D. The pokey redirects only HTTP URLs containing the^/ ( .*)S string to HTTPS.

You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris.

Which prevention mode on FortiDDoS will protect you against this specific type of attack?

A. aggressive aging mode

B. rate limiting mode

C. blocking mode

D. asymmetric mode

Exhibit

When deploying a new FortiGate-VMX Security node, an administrator received the error message shown in the exhibit In this scenario, which statement is correct?

A. The vCenter was not able locate the FortiGate-VMX's OVF file.

B. The vCenter could not connect to the FortiGate Service Manager

C. The NSX Manager was not able to connect on the FortiGate Service Manager's RestAPI service.

D. The FortiGate Service Manager did not have the proper permission to register the FortiGate-VMX Service.

Click the Exhibit button.

The FortiAP profile used by the FortiGate managed AP is shown in the exhibit.

Which two statements are correct in this scenario? (Choose two.)

A. All FortiAPs using thre profile will nave Radio 1 scan rogue access points.

B. Map this profile to SSlDs that you want to be available on the FortiAPs using this profile.

C. All FortiAPs using this profile will have Radio 1 monitor wireless clients.

D. Interference will be prevented between FortiAPs using this profile.

Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

A. port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B

B. LAG-1 and LAG 2 should be connected to a single 4-port 802 3ad interface on the FortiGate-A.

C. LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802 3ad trunk on another device.

D. LAG-1 and LAG-2 should be connected to a 4-port single 802 3ad trunk on another device.

Click the Exhibit button.

Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for IPsec VPN users. Once a user is connected and authenticated to the VPN in FortiGate-A, the user does not need to authenticate again in FortiGate 瑽 to reach the server.

Which two actions satisfy this requirement? (Choose two.)

A. Use Kerberos authentication.

B. FortiGate-A must generate a RADUIS accounting packets.

C. Use FortiAuthenticator.

D. Use the Collector Agent.